PC security gadfly Steve Gibson has released a simple Trojan horse program that masquerades as a "trusted" application and gains unrestricted access to a PC's Internet connection, slipping past most software firewalls.

In response, firewall vendors are scrambling to plug the holes detected by Gibson's Trojan, dubbed LeakTest, or are clarifying their software's capabilities.

LeakTest, available as a free download from Gibson Research, exploits what Gibson claims is a common weakness in most firewalls: the way they exempt "trusted" Internet applications from firewall restrictions.

Only one major firewall vendor -- ZoneAlarm -- does not use a method that Gibson claims LeakTest can exploit. Other vendors, including Symantec, McAfee.com, and Sygate, say they're working on modifications now.

The problem is in the common approach firewall programs use to block dangerous incoming traffic. Typical attacks come from hackers trying to access user files, or to fell a machine by flooding it with meaningless data -- known as a denial-of-service attack.

Most often, firewalls identify approved applications by name and their choice of ports. That's not enough, Gibson says. Like its mythical namesake, a Trojan horse program attacks from within, breaching a PC's defenses by simple trickery. Similar to viruses, Trojans masquerade as harmless or even useful programs that people exchange by e-mail or download. Once installed, Trojans open specific Internet connections, called ports, that hackers can exploit.

Since many legitimate programs -- such as Web browsers, e-mail clients, and instant messengers -- also open ports, the firewall's job is to distinguish trustworthy applications from nefarious ones. Gibson maintains any Trojan horse can easily be renamed and choose appropriate ports to disguise itself as a trusted application.

"There was no protection against one program pretending to be another just by changing the file name," Gibson says. He says he proves it with LeakTest, inviting anyone to download the 26K program and rename it from a list of programs trusted by Symantec's Norton Personal Firewall. When run, LeakTest initiates a connection with Gibson's server to test whether data escapes the firewall. The communication only confirms the firewall's vulnerability and does not transmit any personal data from the tester's PC, Gibson says.

Gibson's test indeed exploits a weakness in firewall products, say representatives of several major vendors.

Norton Personal Firewall 2001 can't distinguish between the real version of a program like Microsoft Internet Explorer and a renamed Trojan, such as the infamous Back Orifice 2000, says Tom Powledge, Symantec's senior product manager for consumer products.

"In this case, [Norton Personal Firewall] would not block it," says Powledge of LeakTest and other crafty Trojans.

McAfee.com's security architect Sam Curry agrees that McAfee.com Personal Firewall could also be fooled, since it "simply looks at the name of the executable." Both Powledge and Curry say they do not know of any actual malicious attacks based on Gibson's model. "But yes, it could be done," Curry says.

He adds that his company's firewall is based on the same architecture as the McAfee Firewall, sold by McAfee.com's former parent company, Network Associates.

Unlike the McAfee and Norton programs, Sygate Personal Firewall 2.1 does not have a built-in list of approved applications. However, one provision allows any applications through certain ports generally (but not necessarily) reserved for "legitimate" activities.

Representatives of another popular vendor, Network ICE, acknowledge that its intrusion detection/blocking program BlackICE would also fail Gibson's test, although they claim it would not fall prey to a truly malicious program.

BlackICE was not designed to identify programs that access the Internet, says Greg Gilliom, chief executive officer. Instead, it checks content of the actual data packets passing to and from the computer. BlackICE would permit LeakTest, because it is not doing anything harmful, Gilliom says.

"LeakTest is just a normal FTP client. As far as we're concerned, there's nothing malicious about that." But BlackICE would block a program that transmits suspicious packets, he says. For example, Gilliom says BlackICE Defender can identify the encryption patterns of Back Orifice 2000.

Gibson says the firewalls are too easily vulnerable. He modified his Trojan so it doesn't simply impersonate an approved application, but gives the firewall a new rule allowing entry of any application.

"There is nothing to prevent a Trojan from making its own entry" in the Application Lookup Engine (ALE) of Norton Personal Firewall, Gibson says. He expects most firewalls that predefine trusted applications share the flaw.

Only firewalls from Zone Labs were able to fend off LeakTest, Gibson says. The company's ZoneAlarm and ZoneAlarm Pro passed the test, he says, because they have a fundamentally different way to identify a trusted application. As a default, ZoneAlarm prohibits all traffic. It recognizes no applications as trusted, verifying them one by one as they first run.

Unlike many other firewalls, however, ZoneAlarm does not identify applications by name or choice of ports. Instead, it examines a program's actual code using a cryptographic standard called an MD5 checksum.

"It is conceptually infeasible to get any other program to produce the same MD5 signature," Gibson says.

Other firewall vendors are reexamining how their programs verify a program's identity. McAfee.com is already working on an MD5 checksum function for future versions of its firewall, Curry says. The company is also developing a patch to address Gibson's findings.

"Steve [Gibson]'s concerns are valid, and we are going to address them," Curry says. He advises users to check the McAfee.com for a patch this week.

Sygate Personal Firewall 4.0 will be a totally new version of the software and will incorporate the MD5 checksum, says John De Santis, Sygate chief executive officer. The company expects to post a patch for its 2.1 product that eliminates blanket permission for certain ports (but will not yet include the MD5 checksum) on its site this week.

A new firewall from Tiny Software was still in beta version during Gibson's tests, but it implements an MD5 checksum engine. It originally included a list of preapproved apps, but Tiny is reconsidering that approach in light of Gibson's criticism, says Brandon Talaich, Tiny's vice president of marketing. The version of the firewall's Trusted Application Mechanism will identify programs by their MD5 signatures.

Symantec is currently considering several methods, including an MD5 checksum, to more thoroughly verify a program's identity.

"We are going to address all the issues that were brought up by the LeakTest," Powledge says. Symantec has not decided whether to offer an interim fix or wait for a comprehensive update. But Powledge advises concerned customers to disable the program's automatic firewall rule generation. (A document on Symantec's site explains how.)

Likewise, McAfee's Curry says uses of the McAfee.com Personal Firewall should watch the site for an update. "As an ASP, we can roll out upgrades like this to our entire user base very quickly," Curry notes.

"You have to create a balance," Freund says. "Steve [Gibson] points out where that balance should be." Can the program be fooled? Users certainly can, he adds. The firewall will allow a program if the user authorizes that program, but it trusts the customer's judgement.

"People have to understand that downloading a piece of software -- if they have no idea what it is or what it does -- is taking a risk," Freund adds.